The COVID-19 malware strain that wipes data from computers
Just like the pandemic that’s been sweeping the globe, a Coronavirus-inspired malware program dubbed “COVID-19.exe” has been infecting computers running Windows with the sole purpose of destroying user data.
What is COVID-19.exe?
COVID-19.exe is a trojan that was crafted to overwrite a computer's master boot record, or MBR (the part of the hard drive where information about the system is stored), rendering the machine useless. COVID-19.exe is made to look like ransomware, showing the user a window with a message while it simultaneously runs scripts in the background to wipe important information on the computer.
On March 31, the SonicWall Capture Labs Threat Research Team released a report that walks through exactly how COVID-19.exe operates.
When COVID-19.exe installs itself, it disables built-in Windows protection features, such as User Account Control and common tools used for system inspection. It also disables the ability to change or modify the wallpaper. Before the system is forcefully restarted, the user is shown a window notifying them that the malware has been installed and that the computer is now infected.
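To make the master boot record (MBR) damage concrete, here is an added example (not code from this article or from the SonicWall report) that checks whether the first 512-byte sector of a disk image still holds a usable MBR. The function names and both sample sectors are constructed for illustration; the overwritten sample is an assumption about what a wiped sector can look like, not a capture of what COVID-19.exe writes.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # partition table: four 16-byte entries
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR sector

def parse_mbr(sector: bytes) -> dict:
    """Decode the boot signature and the non-empty partition entries of sector 0."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("an MBR sector is 512 bytes")
    parts = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), first LBA, sector count
        status, ptype, first_lba, count = struct.unpack("<B3xB3xII", raw)
        if raw != bytes(16):
            parts.append({"slot": i, "status": status, "type": ptype,
                          "first_lba": first_lba, "count": count})
    return {"signature_ok": sector[510:512] == BOOT_SIGNATURE, "partitions": parts}

def assess_mbr(sector: bytes) -> list:
    """Return findings; an empty list means the sector looks like a usable MBR."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if not mbr["partitions"]:
        findings.append("partition table is empty")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte {p['status']:#04x}")
        if p["type"] == 0 or p["first_lba"] == 0 or p["count"] == 0:
            findings.append(f"slot {p['slot']}: implausible entry")
    return findings

def sample_sector(with_table: bool) -> bytes:
    """Constructed test data: a 512-byte sector, optionally with one NTFS entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x3c\x90"  # placeholder bytes standing in for boot code
    if with_table:
        sector[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE  # signature kept, so checking it alone is not enough
    return bytes(sector)

if __name__ == "__main__":
    for name, flag in (("healthy", True), ("overwritten", False)):
        print(name, assess_mbr(sample_sector(flag)) or "looks intact")
```

Run it against the first 512 bytes of a forensic image of the drive rather than the live disk. On GPT disks the MBR holds only a single protective entry of type 0xEE, and the real partition table lives in the GPT header that follows.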
COVID-19.exe infected my device. Now what?
Currently, the only way to restore data lost to COVID-19.exe is to bring the machine to a professional for data recovery.
“Even if the MBR is not restored…data can still be accessed/recovered by mounting the drive. The MBR [also] can be potentially restored, but it is not easy and requires deep technical knowledge.” [SonicWall Interview with Threatpost]
There are some preventative measures you can take, however, to protect against malware strains like COVID-19.exe. For starters, make sure your machine has antivirus software installed and that it is up to date, although antivirus isn't always enough for today's smart home devices.
Additionally, be careful about which email attachments you open on your device, the files you download, and applications you start. These are all typical ways for malware to be executed. If something seems questionable, the best practice is to play it safe and not click through.